authorDag-Erling Smørgrav <des@FreeBSD.org>2013-04-29 20:16:00 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2013-04-29 20:16:00 +0000
commit9d5d6c82d391cdfb1cc0858a8280268c7d5d1032 (patch)
treed9090d2d45302755ab234c7b8f8b2ec3258ed137
parent66538f3053e432bd86310de46edee518636e2f5d (diff)
Fix a bug that allows NFS clients to issue READDIR on files.
PR: kern/178016 Security: CVE-2013-3266 Security: FreeBSD-SA-13:05.nfsserver Approved by: so
Notes
Notes: svn path=/releng/9.1/; revision=250061
-rw-r--r--sys/fs/nfsserver/nfs_nfsdport.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index 63b18220bac6..16882b8ff01d 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -1574,6 +1574,8 @@ nfsrvd_readdir(struct nfsrv_descript *nd, int isdgram,
nd->nd_repstat = NFSERR_BAD_COOKIE;
#endif
}
+ if (!nd->nd_repstat && vp->v_type != VDIR)
+ nd->nd_repstat = NFSERR_NOTDIR;
if (nd->nd_repstat == 0 && cnt == 0) {
if (nd->nd_flag & ND_NFSV2)
/* NFSv2 does not have NFSERR_TOOSMALL */
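Review bot: The added guard `if (!nd->nd_repstat && vp->v_type != VDIR)` has no comment explaining that it is the security fix, and it tests `!nd->nd_repstat` where the very next statement writes `nd->nd_repstat == 0`. I would put `/* READDIR is only valid on directories; reject other vnode types here (CVE-2013-3266). */` above it and spell the condition `nd->nd_repstat == 0 && vp->v_type != VDIR`, so a later refactor does not drop or reorder the check. Because it runs only when no earlier error is set, a file handle that fails the cookie-verifier test above still returns NFSERR_BAD_COOKIE rather than NFSERR_NOTDIR; that is harmless, but worth stating in the comment. The diffstat shows this as the only change, so it is worth confirming that any sibling READDIR-style handler, which is not visible here, applies the same vnode-type check. The body of nfsrvd_readdir starts and ends outside this hunk.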